BID:38906

Multiple Lexmark Laser Printers FTP Service Remote Denial of Service Vulnerability

Info

Multiple Lexmark Laser Printers FTP Service Remote Denial of Service Vulnerability

Bugtraq ID:	38906
Class:	Design Error
CVE:	CVE-2010-0618
Remote:	Yes
Local:	No
Published:	Mar 23 2010 12:00AM
Updated:	Mar 19 2015 09:42AM
Credit:	Francis Provencher from Protek Research Labs
Vulnerable:	Lexmark Z2420 NET.AR.N204 Lexmark Z15xx NET.MH.N206 Lexmark Z1420 NET.MH.N206 Lexmark X9575 NET.CH.N208 Lexmark X94x LC.BR.P049 Lexmark X9350 LC.DA.P076 Lexmark X86x LP.SP.P112 Lexmark X85x LC4.BE.P457 Lexmark X782e LC2.TO.P305c Lexmark X772e LC.TR.P275 Lexmark X7675 NET.CH.N208 Lexmark X7550 NET.MH.N206 Lexmark X73x LR.FL.P224b Lexmark X6650 NET.AR.N204 Lexmark X65x LR.MN.P224a Lexmark X6570 NET.MH.N206 Lexmark X64xef LC2.TI.P305a Lexmark X646 LC2.MC.P307a Lexmark X644 LC2.MC.P307a Lexmark X642 LC2.MB.P307b Lexmark X544 LL.EL.P424 Lexmark X543 LL.EL.P424 Lexmark X4975VE NET.CH.N208 Lexmark X4975 NET.AR.N204 Lexmark X4875 NET.MH.N206 Lexmark X46x LR.BS.P224a Lexmark X4650 NET.AR.N204 Lexmark X4550 NET.MH.N206 Lexmark X422 GN.AQ.P202 Lexmark X36x LL.BZ.P424 Lexmark X34x 401.ec4 Lexmark X26x LL.BZ.P424 Lexmark X20x LM1.MT.P110h Lexmark W850 LP.JB.P108WS Lexmark W840 LS.HA.P121 Lexmark T656 LSJ.SJ.P019 Lexmark T654 LR.JP.P224a Lexmark T652 LR.JP.P224a Lexmark T650 LR.JP.P224a Lexmark T64x LS.ST.P240 Lexmark T430 JX.JU.P101 Lexmark N8130 NR.APS.N368 Lexmark N8120 NR.APS.N368 Lexmark N70xxe LC.CO.N054 Lexmark N4050e GO.GO.N106 Lexmark N4000 PH2.ME.N134 Lexmark E462 LR.LBH.P224cWS Lexmark E460 LR.LBH.P224a Lexmark E450 LM.SZ.P113vcREF Lexmark E360dn LL.LBM.P424 Lexmark E360d LL.LBL.P424 Lexmark E350 LE.PH.P121 Lexmark E34x BR.H.P204 Lexmark E33x 141.C09 Lexmark E260 LL.LBL.P424 Lexmark E250 LE.PM.P121 Lexmark E240n BR.Q.P204 Lexmark E240 BR.M.P204 Lexmark E23x 141.C09 Lexmark E238 BR.M.P204 Lexmark E120 LE.UL.P040 Lexmark C935dn LC.JO.P051 Lexmark C920 LS.TA.P127 Lexmark C78x LC.IO.P165a Lexmark C77x LC.CM.P027b Lexmark C73x LR.SK.P224a Lexmark C546 LU.AS.P424 Lexmark C544 LL.AS.P424 Lexmark C543 LL.AS.P424 Lexmark C540 LL.AS.P424 Lexmark C53x LS.SW.P026avc Lexmark C52x LS.FA.P129 Lexmark C510 891.004 Lexmark 25xxN LCL.CU.P105

Not Vulnerable:	Lexmark Z2420 NET.AR.N205 Lexmark Z15xx NET.MH.N207 Lexmark Z1420 NET.MH.N207 Lexmark X9575 NET.CH.N209 Lexmark X94x LC.BR.P051HDs1 Lexmark X94x LC.BR.P051HDs Lexmark X9350 LC.DA.P077 Lexmark X86x LP.LP.P311h Lexmark X86x LP.LP.P311e Lexmark X85x LC4.BE.P457S1 Lexmark X85x LC4.BE.P457S Lexmark X782e LC2.TO.P305cS1 Lexmark X782e LC2.TO.P305cS Lexmark X772e LC2.TR.P275S1 Lexmark X772e LC2.TR.P275S Lexmark X7675 NET.CH.N209 Lexmark X7550 NET.MH.N207 Lexmark X73x LR.FL.P311h Lexmark X73x LR.FL.P311e Lexmark X6650 NET.AR.N205 Lexmark X65x LR.MN.P311h Lexmark X65x LR.MN.P311e Lexmark X6570 NET.MH.N207 Lexmark X64xef LC2.TI.P305aS1 Lexmark X64xef LC2.TI.P305aS Lexmark X646 LC2.MC.P307aS1 Lexmark X646 LC2.MC.P307aS Lexmark X644 LC2.MC.P307aS1 Lexmark X644 LC2.MC.P307aS Lexmark X642 LC2.MB.P307bS1 Lexmark X642 LC2.MB.P307bS Lexmark X544 LL.EL.P429a Lexmark X543 LL.EL.P429a Lexmark X4975VE NET.CH.N209 Lexmark X4975 NET.AR.N205 Lexmark X4875 NET.MH.N207 Lexmark X46x LR.BS.P311h Lexmark X46x LR.BS.P311e Lexmark X4650 NET.AR.N205 Lexmark X4550 NET.MH.N207 Lexmark X36x LL.BZ.P429a Lexmark X26x LL.BZ.P429a Lexmark X20x LM1.MT.P214 Lexmark W850 LP.JB.P311h Lexmark W850 LP.JB.P311e Lexmark W840 LS.HA.P225S Lexmark W840 LS.HA.P121S1 Lexmark W840 LS.HA.P121S Lexmark T656 LSJ.SJ.P019S Lexmark T654 LR.JP.P311h Lexmark T654 LR.JP.P311e Lexmark T652 LR.JP.P311h Lexmark T652 LR.JP.P311e Lexmark T650 LR.JP.P311h Lexmark T650 LR.JP.P311e Lexmark T64x LS.ST.P240S1 Lexmark T64x LS.ST.P240S Lexmark N8130 NR.APS.447c Lexmark N8120 NR.APS.447c Lexmark N70xxe LC.CO.N069 Lexmark N4050e GO.GO.N206 Lexmark N4000 LC.MD.P012d Lexmark E462 LR.LBH.P311h Lexmark E462 LR.LBH.P311e Lexmark E460 LR.LBH.P311h Lexmark E460 LR.LBH.P311e Lexmark E450 LM.SZ.P113vcREs1 Lexmark E450 LM.SZ.P113vcREs Lexmark E360dn LL.LBM.P429a Lexmark E360d LL.LBL.P429a Lexmark E260 LL.LBL.P429a Lexmark C935dn LC.JO.P051S1 Lexmark C935dn LC.JO.P051S Lexmark C920 LS.TA.P127S Lexmark C920 LS.TA.P127EPs Lexmark C78x LC.IO.P165aS1 Lexmark C78x LC.IO.P165aS Lexmark C77x LC.CM.P027bS1 Lexmark C77x LC.CM.P027bS Lexmark C73x LR.SK.P311h Lexmark C73x LR.SK.P311e Lexmark C546 LU.AS.P429a Lexmark C544 LL.AS.P429a Lexmark C543 LL.AS.P429a Lexmark C540 LL.AS.P429a Lexmark C53x LS.SW.P027LPCs Lexmark C53x LS.SW.P026avcS1 Lexmark C53x LS.SW.P026avcS Lexmark C52x LS.FA.P129S1 Lexmark C52x LS.FA.P129S Lexmark C52x LS.FA.P129LPCs Lexmark 25xxN LC.CU.P106

Discussion

Multiple Lexmark Laser Printers FTP Service Remote Denial of Service Vulnerability

Multiple Lexmark laser printers are prone to a remote denial-of-service vulnerability because the devices do not properly implement flood protection to the FTP service.

Exploiting this issue allows remote attackers to cause the device to enable flood protection indefinitely, effectively denying service to legitimate users.

Exploit / POC

Multiple Lexmark Laser Printers FTP Service Remote Denial of Service Vulnerability

Attackers can exploit this issue with readily available tools.

Solution / Fix

Multiple Lexmark Laser Printers FTP Service Remote Denial of Service Vulnerability

Solution:
Updates are available. Please see the references for more information.

References

Multiple Lexmark Laser Printers FTP Service Remote Denial of Service Vulnerability

References:

Lexmark Homepage (Lexmark)
{PRL} Lexmark Multiple Laser printer FTP Remote Denial of Services (Francis Provencher )
FTP Denial of Service Security Vulnerability Table of Contents (Lexmark)